Google's reported deal with the National Security Agency to work together on cyber-security issues is raising questions among privacy advocates, including Electronic Privacy Information Center, which filed a Freedom of Information Act request Feb. 4 seeking records regarding the relationship between Google and the NSA.
EPIC also filed a lawsuit separate from the FOIA seeking more information on the NSA's authority over the security of U.S. computer networks.
Additionally, in the FOIA request, EPIC wants the records of any communications between Google and the NSA regarding the search giant's failure to encrypt Gmail messages prior to a reported cyber-attack from within China. Immediately after the attacks, Google encrypted Gmail messages.
"There is particular urgency for the public to obtain information about the relationship between the NSA and Google," EPIC said in its FOIA request. "As of 2009, Gmail had roughly 146 million monthly users, all of whom would be affected by any relationship between the NSA and Google."
The Washington Post reported Feb. 3 that Google and the NSA had entered into a "partnership" to help analyze the attack by permitting them to "share critical information." Neither Google nor the NSA has confirmed the report but a NSA spokesman acknowledged that "as part of its information-assurance mission, NSA works with a broad range of commercial partners and research associates to ensure the availability of secure tailored solutions for Department of Defense and national security systems customers."
Another report by the Wall Street Journal claimed the agreement between Google and the NSA was finalized with 24 hours of the attack, allowing the NSA to examine some of the data related to the Google attack. Both the FBI and NSA immediately dispatched officials to work directly with Google.
EPIC wants to know just exactly what information is being shared.
EPIC's inquiry into Google's encryption efforts relates to a nearly year-old complaint the privacy agency filed with the FTC (Federal Trade Commission) urging the FTC to investigate the adequacy of Google's cloud computing privacy and security safeguards.